search

ioBroker / ioBroker.discovery

This adapter tries to discover all known devices
MIT License
28 stars 48 forks source link

discovery should save passwords encrypted #111

Open Garfonso opened 4 years ago

Garfonso commented 4 years ago

Adapters can use discovery to ask user for a password (input of type "password"). It will be a password field in browser with typo-check by repeating entry in a second field (i.e. you can not see the typed password).

Currently the discovery adapter writes those passwords into the adapter configurations as plain text. It would be much preferably if it would support encryption. To be backward compatible this probably should only be an option at first (i.e. a property of 'input' like 'encrypt = true' -> will be stored encrypted). Because the adapter can not detect if the password stored in its config is encrypted or not, this should be optional at first. There are quite some adapters using an input of type password:

pdbjjens commented 1 year ago

@Garfonso @Apollon77 I would like to add some additional requirement to this enhancement request which I would need for the implementation of a discovery module for the frontier-silicon community adapter.

A password should not only be encrypted in the discovery module via inputs: [passwordInput] as requested above but it should be also possible to set a password directly in the discovery module in the native object as a value in clear text and then be passed on to the adapter in encrypted form.

Background: I'm working on a discovery module for the frontier-silicon community adapter.

https://github.com/iobroker-community-adapters/ioBroker.frontier_silicon/tree/master

https://github.com/pdbjjens/ioBroker.discovery/blob/master/lib/adapters/frontier_silicon.js

I have defined a password (PIN) in io-package.json "protectedNative": [ "PIN" ], "encryptedNative": [ "PIN" ], "native": { "PIN": "", "IP": "" },

and in jsonConfig.json,

            "PIN": {
                "type": "password",
                "repeat": false,
                "visible": true,
                "maxLength": 4,
                "sm": 12,
                "md": 6,
                "lg": 6,
                "label": "PIN code",
                "help": "PIN of your media player, default is 1234"
            },

which I would like to assign a default PIN to by the discovery module.

    instance = {
        _id: id,
        common: {
            name: 'frontier_silicon'
        },
        native: {
            IP: ip,
            PIN: '1234'
        },
        comment: {
            add: `Frontier UNDOK Device ${device._name} (${ip})`
        }

For the IP that is also defined, the preassignment works when the adapter starts, but the PIN is defined as "encryptedNative" and "protectedNative" and if I pass the PIN in plain text as a string, this string is apparently decrypted when the adapter starts and is therefore incorrect.

It would be perfect if the discovery adapter would support something like tools.encrypt:

    instance = {
        _id: id,
        common: {
            name: 'frontier_silicon'
        },
        native: {
            IP: ip,
            PIN: tools.encrypt('1234')
        },
        comment: {
            add: `Frontier UNDOK Device ${device._name} (${ip})`
        }
GermanBluefox commented 1 year ago

You can use encryptedNativeLegacy to write old encrypted passwords and encryptedNative to encrypt with new method

pdbjjens commented 1 year ago

@GermanBluefox I am sorry to say that I do not quite understand how to use this in a detector module. Should it be like this to hand the PIN to the adapter encrypted:

instance = {
    _id: id,
    common: {
        name: 'frontier_silicon'
    },
   encryptedNative: {
       PIN: '1234'
   },
    native: {
        IP: ip
    },
    comment: {
        add: `Frontier UNDOK Device ${device._name} (${ip})`
    }
pdbjjens commented 1 year ago

@Garfonso @GermanBluefox Since I found that my code above does not do the job, can you point me to an example which shows how to use encryption in a detector module?

pdbjjens commented 12 months ago

@Apollon77 @GermanBluefox @Garfonso Can you show me how to use encryptedNativeLegacy to write old encrypted passwords and encryptedNative to encrypt with new method from within a detector module? I still could not figure out the syntax how to encrypt a PIN within a detector module based on your fix from Sep 4 (See the problem description above in my post from Aug.25)